CVE-2023-46801

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-46801

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46801.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46801

Aliases

GHSA-jjvc-v8gw-5255

Published

2024-07-15T08:15:02Z

Modified

2024-10-08T00:03:42Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute them.

This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. We recommend that users upgrade the java version to >= 1.8.0_241. Or users upgrade Linkis to version 1.6.0.

References

https://lists.apache.org/thread/0dnzh64xy1n7qo3rgo2loz9zn7m9xgdx

Affected packages

Git / github.com/apache/incubator-linkis

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-linkis
Events: Introduced

7f3c1a9b28c450ed10d5bb73594d8193273ccb48

Fixed

9be69de555a4539c73b56dd44c798026596f0f54